A man wears a cross and a shirt with the portrait of Russian President Vladimir Putin as he arrives for an event commemorating the end of World War II 72 years ago; Berlin, May 9, 2017. Photo by Markus Schreiber/Associated Press.

The most dramatic development of France’s recent Presidential election was last Friday’s announcement by the Emmanuel Macron campaign that their email and account records had been the target of a massive hacking operation by foreign intelligence operatives. According to reports released in the week leading up to the election, responsibility for the attack lies with the same group that has been implicated in the hacking of the DNC servers, namely the Russian intelligence service APT28, otherwise known as “Fancy Bear.”

By now, the Kremlin’s methods are becoming familiar: infiltrating email and other electronic data in order to sway public opinion through embarrassing revelations against political candidates the Russians disfavor, as they did by releasing Democratic National Committee emails via Wikileaks in the 2016 US election; creating “fake news” and using social media to create negative press around those disfavored candidates; publicizing their own infiltration methods to create fear and confusion around the integrity of democratic processes; and pouring funds into the coffers of favored political candidates, laundered through disguised and unlikely intermediaries.

Macron’s landslide victory on Sunday indicates that Russia’s hack and dump, along with other methods, may have had less traction in a European environment than in the United States. But why? Since all of the strategies the Kremlin used in the U.S. case were trotted out in France, why were the Russians ultimately unable to make more headway in favor of Marine Le Pen, who, after all, was about as favored to win going into the run-off as Donald Trump a few weeks before the American election?

While we will no doubt learn more in the coming weeks and months, we should note the measures France takes to guard against disruptive foreign influences. We can only speculate about what factors contributed to Macron’s victory, but the different approaches to freedom of the press and speech between France and the United States highlights an existential crisis for well-off democracies in the Kremlin’s crosshairs: Should we attempt to protect the integrity of the public’s knowledge base by restricting the information it receives, or is it better to fight the corruption of public news sources with more news, and the degradation of facts with more facts, in the hope that the truth will eventually win out? If we are willing to restrict freedom in order to protect it, what measures should we take to prevent and contain the spread of such destabilizing cyber interference?

France’s mandatory election news blackout 36 hours prior to the opening of the polls—which bars candidates from making statements and media from reporting election data, including exit polls—may have been fortuitous for Macron: It coincidentally had the beneficial effect of avoiding dissemination of last-minute “revelations” with the potential to throw public opinion immediately prior to the election. Other French laws, such as limitations on campaign finance, may have made it difficult for the Russians to surreptitiously funnel money into French campaigns or to wield control over French candidates through financial leverage.

Both of these measures are currently unthinkable in the American First Amendment landscape: A mandatory news blackout, or restrictions on what the press can report, seems un-American, and might not stand up to a constitutional challenge in a federal court. And while candidates cannot accept contributions from foreign governments, the restrictions on political campaign financing are weak and easily circumvented in the United States. Americans are thus limited in the defensive tools we have at our disposal. Then because we cannot restrict harmful speech, we like to comfort ourselves with the thought that the antidote to fake press and distorted speech is more speech and an even freer press.

Is it not clear we have it right and the French, and other European nations that have been willing to tolerate greater restrictions on speech in the name of truth, have it wrong. We have always prided ourselves, for example, on the fact that no matter how abhorrent the sight of a publicly displayed swastika is for us, we have not taken the route of European countries and succumbed to a “ban” of that symbol. But perhaps some speech that is false, heinous, and deceitful is not worth protecting after all, and further that because of the national security threat allowing such speech poses, and the powerful multiplying effect of disseminating “fake news” through social media channels, it is time to consider whether taking measures to protect national security by limiting access to the gigantic megaphone of Facebook and Twitter is not long overdue. While the United States is unlikely to adopt the same measures instituted in France, perhaps it is time for Americans to consider whether some such controls are more likely to protect freedom of the press in the long run than allowing the open marketplace of ideas to threaten the very purpose our open access to information is mean to serve.

The lesson we must draw from the Kremlin’s recent attempts at destabilizing elections in Europe and the United States is that institutions that are dependent on the concept of popular sovereignty are sitting ducks for foreign intervention carried out by cyberattack, cyber influence, and cyber manipulation. Russian intelligence operatives are technologically sophisticated and they understand the vulnerability of any political system that revolves around popular political will.

With these techniques firmly developed, Russia’s aim to destabilize democratic institutions as significant as NATO or the European Union, as well as its attempts to bring totalitarian leaders to power who will manipulate public opinion in Russia’s favor, no longer seem outlandish or out of reach. The cockiness of Russian intelligence services puts nothing beyond bounds, including the fake “Cal-Exit” movement, a Russian-inspired phony grassroots movements whose founder and director is now seeking permanent asylum in Russia, as well as in the concocted display of support for the idea of giving Alaska back to the Kremlin.

But why are Russian covert operations suddenly such a force to be reckoned with? Why now? Partly, perhaps, the answer lies in Russia’s relatively low military and economic power in comparison to its ambitions at this point in history—a formula that has resulted in right-wing extremism at other critical junctures in history. But the other half is the high degree of dependence on technology, particularly informational technology, among Western democracies. Compared to other vulnerabilities, cyber communications are comparatively easy to infiltrate, and a society governed by exchange of electronic information is thus intrinsically and unalterably at risk for this type of attack.

Advanced democracies are particularly vulnerable to both forms of cyberattack—invasion of cyber communications and manipulation of public opinion through social media. Wealthy nations are paradoxically more vulnerable than less affluent ones, since they are more highly dependent on computerized infrastructure and communication. But the critical point is that the vulnerability of democratic nations is a function of the degree to which popular opinion impacts political outcomes, as well as their commitment to freedom of expression and unfettered speech that attends the concept of popular sovereignty. The vulnerability of advanced Western powers to cyberattack is the great equalizer of our day in modern conflict: Weaker countries can exploit the increased vulnerability of stronger countries in order to capture influence and power. And though the asymmetric aggressor is the Kremlin now, smaller countries or organizations are starting to catch on and will pose an increasing threat in the future.

The advent of cyber espionage has thereby transformed the nature of the threat to our national security in a more profound way than we have heretofore realized. Our worry about cyber interference for the past decade has mostly been focused on scenarios where a foreign nation attacks U.S. critical infrastructure by sending a computerized virus into our command and control centers, disabling our weapons, our power grid, our financial institutions, and indirectly potentially causing massive casualties. But just as we are coming to terms with the idea of “cyberwar,” it is becoming increasingly apparent that perhaps conceiving of the dangers of the cyber domain in terms of “attacks” has us turning a blind eye to the most significant threat to our security, which is to public trust and democracy itself.

Even if we effectively figure out how to guard against intrusive hacking on the part of foreign governments, there is a form of interference that works by direct manipulation of the people, namely covert operations designed to impact public opinion. Since the people are the true sovereign in a democracy, this kind of interference poses the greatest threat to the independence of democratic governance.

Such manipulations cannot be identified with the concept of “war,” even expanding that concept to include “cyberwar.” If the core of democratic governance can be threatened by the massive injection of “fake news” into legitimate informational conveyances such as Facebook, that suggests the need to prepare for a wholly different type of threat to our national security. Just as the advent of nuclear weapons and the possibility of mutually assured destruction between the United States and the Soviet Union required a wholesale revision of our diplomatic and military strategies, so the advent of the cyber age has catapulted us into a world in which national self-defense may require a transformation of our strategies for preserving democratic governance.

Balanced regulation of the cyber world, coupled with sophisticated intelligence and defense strategies, as well as educational efforts around cyber communications, are some of the options that urgently merit exploration. My Center at Penn Law will be holding an interdisciplinary meeting of high-level experts next fall to engage in precisely this kind of exploration.

Becoming more sophisticated about how we protect democratic institutions is not just desirable; it is a matter of survival. Without a more capacious view of the nature of the threats to popular sovereignty, democracy is likely to prove a short-lived experiment.

 
Claire Finkelstein is the Algernon Biddle Professor of Law and Professor of Philosophy at the University of Pennsylvania, and the founder and faculty director of the Center for Ethics and the Rule of Law (CERL).

BROUGHT TO YOU BY